85 lines
3.7 KiB
PHP
85 lines
3.7 KiB
PHP
<?php
|
|
require_once __DIR__ . '/_helpers.php';
|
|
api_require_login();
|
|
api_require_role(['admin']);
|
|
|
|
$method = $_SERVER['REQUEST_METHOD'];
|
|
$admin = current_user();
|
|
|
|
if ($method === 'GET') {
|
|
$stmt = $pdo->query('SELECT id, nama, email, role, rumah_ibadah_id, status_akun, kontak, alamat, nama_instansi, kategori_instansi, catatan_pengajuan, lat, lng, verified_at, created_at
|
|
FROM users
|
|
ORDER BY FIELD(status_akun, "Menunggu Verifikasi", "Aktif", "Ditolak"), created_at DESC');
|
|
json_response(['success' => true, 'data' => $stmt->fetchAll()]);
|
|
}
|
|
|
|
if ($method === 'PUT') {
|
|
$data = get_json_input();
|
|
required_fields($data, ['id','action']);
|
|
$id = clean_int($data['id']);
|
|
$action = clean_string($data['action']);
|
|
|
|
if ($id <= 0) {
|
|
json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
|
|
}
|
|
if ($id === (int)$admin['id'] && $action !== 'approve') {
|
|
json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat ditolak atau dihapus dari sini.'], 422);
|
|
}
|
|
|
|
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ? LIMIT 1');
|
|
$stmt->execute([$id]);
|
|
$user = $stmt->fetch();
|
|
if (!$user) {
|
|
json_response(['success' => false, 'message' => 'Akun tidak ditemukan.'], 404);
|
|
}
|
|
|
|
if ($action === 'reject') {
|
|
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Ditolak", verified_by = ?, verified_at = NOW() WHERE id = ?');
|
|
$stmt->execute([$admin['id'], $id]);
|
|
json_response(['success' => true, 'message' => 'Pengajuan akun ditolak.']);
|
|
}
|
|
|
|
if ($action === 'approve') {
|
|
$rumahIbadahId = $user['rumah_ibadah_id'] ? (int)$user['rumah_ibadah_id'] : null;
|
|
|
|
if ($user['role'] === 'rumah_ibadah' && !$rumahIbadahId) {
|
|
if (empty($user['nama_instansi']) || empty($user['alamat']) || empty($user['kategori_instansi']) || $user['lat'] === null || $user['lng'] === null) {
|
|
json_response(['success' => false, 'message' => 'Data rumah ibadah pada pengajuan belum lengkap.'], 422);
|
|
}
|
|
|
|
$stmt = $pdo->prepare('INSERT INTO rumah_ibadah
|
|
(nama, alamat, kategori, pengurus, kontak, dana_sosial, kuota, radius, lat, lng, status, created_by)
|
|
VALUES (?, ?, ?, ?, ?, 0, 0, 500, ?, ?, "Aktif", ?)');
|
|
$stmt->execute([
|
|
$user['nama_instansi'],
|
|
$user['alamat'],
|
|
in_array($user['kategori_instansi'], ['Masjid','Gereja','Vihara','Klenteng','Pura','Lainnya'], true) ? $user['kategori_instansi'] : 'Lainnya',
|
|
$user['nama'],
|
|
$user['kontak'] ?? '',
|
|
$user['lat'],
|
|
$user['lng'],
|
|
$admin['id']
|
|
]);
|
|
$rumahIbadahId = (int)$pdo->lastInsertId();
|
|
}
|
|
|
|
$stmt = $pdo->prepare('UPDATE users SET status_akun = "Aktif", rumah_ibadah_id = ?, verified_by = ?, verified_at = NOW() WHERE id = ?');
|
|
$stmt->execute([$rumahIbadahId, $admin['id'], $id]);
|
|
json_response(['success' => true, 'message' => 'Akun berhasil disetujui.']);
|
|
}
|
|
|
|
json_response(['success' => false, 'message' => 'Aksi tidak dikenal.'], 422);
|
|
}
|
|
|
|
if ($method === 'DELETE') {
|
|
$id = clean_int($_GET['id'] ?? 0);
|
|
if ($id <= 0) json_response(['success' => false, 'message' => 'ID akun tidak valid.'], 422);
|
|
if ($id === (int)$admin['id']) json_response(['success' => false, 'message' => 'Akun yang sedang digunakan tidak dapat dihapus.'], 422);
|
|
|
|
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ?');
|
|
$stmt->execute([$id]);
|
|
json_response(['success' => true, 'message' => 'Akun berhasil dihapus.']);
|
|
}
|
|
|
|
json_response(['success' => false, 'message' => 'Method tidak didukung.'], 405);
|